3 Replies Latest reply on Jun 22, 2010 10:13 AM by kink80

    Endpoint Encryption Confusion in ePO

    kink80

      Attached is a  screen shot of one of my test machines. I have a task setup to remove the Endpoint Encryption for PC 6 and a task to remove the Endpoint Encryption agent 1.0.1. The Remove Endpoint Encryption Agent task is set only to remove the agent from machines that have an Endpoint Encryption State of In-Active which I thought should be accomplished by removing the EEPC 6 product. As you can see form the screenshot from the ePO server this machine does not have the EEPC6 anymore but still has the Endpoint Encryption Agent installed. Why does ePO still list under the Endpoint Encryption heading that the state is Active? A McAfee tech told me that the Endpoint encryption headed section in ePO only refers to the EE Agent. Can that be right? Also please see the other two screenshots that were taken from the machine in question. If EEPC is not installed why is the client saying it is in the Show Encryption Status and why does it still show the EEPC 6 module as being installed? Thanks for any clarification.

        • 1. Re: Endpoint Encryption Confusion in ePO

          Before you remove anything, you need to ensure your state is Inactive and the drives are decrypted.  To do so, you should modify your task for the machine and uncheck the Enable box for the policy. Then wake up the agent and you should see the client start decrypting.

           

          Here are some steps I wrote up:

           

          ·         Go to Menu | Systems | System Tree

          ·         Locate the system you wish to encrypt.

          ·         Check the system’s check box and press the Actions button.

          ·         Select Agent / Modify Policy on a Single System

          ·         Click Edit Assignment for Product Settings.

          ·         Select ‘Break Inheritance and assign the policy…”

          ·         Choose New Policy.

          ·         Create a policy based on ‘My Default’ and name it Decrypt.

          ·         Uncheck ‘Enable Policy’ under the General Tab.

          ·         Set Encryption to ‘None’ under the Encryption tab.

          ·         Save the policy and ensure it is assigned to the computer.

          ·         In the system tree, check the box next to the computer and click Wake Up Agents.

          ·         Check the Force complete policy and task update and click OK.

          ·         Right click the McAfee icon on the computer and choose McAfee Agent Status Monitor and Quick Settings / Show Endpoint Encryption Status to verify agent communication.

          ·         Eventually the Volume Status should switch from Encrypted to Decrypting and when finished the System State will show Inactive.

           

          Once this is done, you can run your tasks to remove the Software first, then the agent.

          • 2. Re: Endpoint Encryption Confusion in ePO
            kink80

            Thank you for your response. However I already have a policy in place that has the "enable policy" checkbox removed and the machine is decrypted. The problem starts after that. ePO is reporting that the EEPC 6.0.1 is not an installed product any longer but when I look at the machine in the "Show Endpoint Encryption Status" it shows the system state as "Active" and the volume status of c: -Decrypted. Whenever my task runs to uninstall the EEPC 6.0.1 from this machine it fails, I am assuming it fails because it is reporting that EEPC is still "Active". My problem is that the machine will not go to the "Inactive" state and that the ePO server already is reporting that EEPC is not installed. I thought this was a "fluke" on this machine so I re-installed Windows and tried it again and got the same results.

            • 3. Re: Endpoint Encryption Confusion in ePO
              kink80

              As a side note I discovered that ePO does not show EEPC as an installed product on any of my test machines. I was lead to believe by a McAfee technician that EEPC 6.0.1 should show up in ePO as an installed product just like the EE Agent 1.0.1.7 does. This is not the case it never appears as an installed product to ePO.